[ 95.233648][ T27] audit: type=1800 audit(1582224935.282:26): pid=9660 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 96.056406][ T27] kauditd_printk_skb: 2 callbacks suppressed
[ 96.056416][ T27] audit: type=1800 audit(1582224936.122:29): pid=9660 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 96.083218][ T27] audit: type=1800 audit(1582224936.132:30): pid=9660 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
2020/02/20 18:55:50 parsed 1 programs
2020/02/20 18:55:51 executed programs: 0
syzkaller login: [ 111.534163][ T9829] IPVS: ftp: loaded support on port[0] = 21
[ 111.590407][ T9829] chnl_net:caif_netlink_parms(): no params data found
[ 111.638941][ T9829] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.646602][ T9829] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.655485][ T9829] device bridge_slave_0 entered promiscuous mode
[ 111.664041][ T9829] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.672238][ T9829] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.680304][ T9829] device bridge_slave_1 entered promiscuous mode
[ 111.697983][ T9829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 111.708959][ T9829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 111.728535][ T9829] team0: Port device team_slave_0 added
[ 111.736191][ T9829] team0: Port device team_slave_1 added
[ 111.750626][ T9829] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 111.757828][ T9829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 111.784183][ T9829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 111.796737][ T9829] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 111.804592][ T9829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 111.831462][ T9829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 111.902975][ T9829] device hsr_slave_0 entered promiscuous mode
[ 111.932291][ T9829] device hsr_slave_1 entered promiscuous mode
[ 112.044548][ T9829] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 112.093993][ T9829] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 112.163620][ T9829] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 112.213721][ T9829] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 112.286603][ T9829] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.293842][ T9829] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.301947][ T9829] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.309014][ T9829] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.353775][ T9829] 8021q: adding VLAN 0 to HW filter on device bond0
[ 112.367029][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 112.377608][ T2909] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.386260][ T2909] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.395167][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 112.408096][ T9829] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.419587][ T2730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 112.428791][ T2730] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.435922][ T2730] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.451411][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 112.459826][ T2909] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.466976][ T2909] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.489864][ T9829] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 112.500439][ T9829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 112.515704][ T2911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 112.524456][ T2911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 112.533389][ T2911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 112.543204][ T2911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 112.561542][ T2911] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 112.568997][ T2911] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 112.576957][ T2911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 112.584808][ T2911] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 112.594646][ T9829] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 112.618265][ T2730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 112.627521][ T2730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 112.648391][ T9829] device veth0_vlan entered promiscuous mode
[ 112.660657][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 112.669356][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 112.678937][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 112.688478][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 112.701702][ T9829] device veth1_vlan entered promiscuous mode
[ 112.722288][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 112.731738][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 112.740348][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 112.750194][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 112.762133][ T9829] device veth0_macvtap entered promiscuous mode
[ 112.772216][ T9829] device veth1_macvtap entered promiscuous mode
[ 112.789784][ T9829] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 112.797317][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 112.806066][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 112.815168][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 112.824396][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 112.836543][ T9829] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 112.844511][ T2730] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 112.853428][ T2730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 113.182341][ T9856]
[ 113.184695][ T9856] =====================================
[ 113.190217][ T9856] WARNING: bad unlock balance detected!
[ 113.195745][ T9856] 5.6.0-rc2-syzkaller #0 Not tainted
[ 113.201964][ T9856] -------------------------------------
[ 113.207493][ T9856] syz-executor.0/9856 is trying to release lock (&file->mut) at:
[ 113.215219][ T9856] [] ucma_destroy_id+0x24a/0x490
[ 113.221692][ T9856] but there are no more locks to release!
[ 113.228075][ T9856]
[ 113.228075][ T9856] other info that might help us debug this:
[ 113.236117][ T9856] 1 lock held by syz-executor.0/9856:
[ 113.241550][ T9856] #0: ffff8880a11dd460 (&file->mut){+.+.}, at: ucma_destroy_id+0x1e7/0x490
[ 113.250223][ T9856]
[ 113.250223][ T9856] stack backtrace:
[ 113.256276][ T9856] CPU: 1 PID: 9856 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0
[ 113.265082][ T9856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.275664][ T9856] Call Trace:
[ 113.278957][ T9856] dump_stack+0x197/0x210
[ 113.283273][ T9856] ? ucma_destroy_id+0x24a/0x490
[ 113.288206][ T9856] print_unlock_imbalance_bug.cold+0x114/0x123
[ 113.294352][ T9856] ? ucma_destroy_id+0x24a/0x490
[ 113.299273][ T9856] lock_release+0x5f2/0x960
[ 113.303770][ T9856] ? lock_downgrade+0x920/0x920
[ 113.308616][ T9856] ? ucma_destroy_id+0x1e7/0x490
[ 113.313886][ T9856] ? ucma_destroy_id+0x1c0/0x490
[ 113.318835][ T9856] ? mutex_trylock+0x2d0/0x2d0
[ 113.323588][ T9856] ? ucma_destroy_id+0x1c0/0x490
[ 113.328615][ T9856] __mutex_unlock_slowpath+0x86/0x6a0
[ 113.334235][ T9856] ? lock_downgrade+0x920/0x920
[ 113.339076][ T9856] ? wait_for_completion+0x440/0x440
[ 113.344357][ T9856] mutex_unlock+0xd/0x10
[ 113.348580][ T9856] ucma_destroy_id+0x24a/0x490
[ 113.355355][ T9856] ? ucma_close+0x310/0x310
[ 113.359962][ T9856] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 113.366197][ T9856] ? _copy_from_user+0x12c/0x1a0
[ 113.371154][ T9856] ucma_write+0x2d7/0x3c0
[ 113.375482][ T9856] ? ucma_close+0x310/0x310
[ 113.379967][ T9856] ? ucma_open+0x290/0x290
[ 113.384370][ T9856] ? apparmor_file_permission+0x27/0x30
[ 113.390612][ T9856] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.396851][ T9856] ? security_file_permission+0x8f/0x380
[ 113.402480][ T9856] __vfs_write+0x8a/0x110
[ 113.406797][ T9856] ? ucma_open+0x290/0x290
[ 113.411193][ T9856] vfs_write+0x268/0x5d0
[ 113.416048][ T9856] ksys_write+0x220/0x290
[ 113.420358][ T9856] ? __ia32_sys_read+0xb0/0xb0
[ 113.425112][ T9856] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 113.430692][ T9856] ? do_syscall_64+0x26/0x790
[ 113.435360][ T9856] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.441409][ T9856] ? do_syscall_64+0x26/0x790
[ 113.446072][ T9856] __x64_sys_write+0x73/0xb0
[ 113.450653][ T9856] do_syscall_64+0xfa/0x790
[ 113.455148][ T9856] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.461027][ T9856] RIP: 0033:0x45c449
[ 113.466152][ T9856] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 113.485742][ T9856] RSP: 002b:00007f5c79d18c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 113.494150][ T9856] RAX: ffffffffffffffda RBX: 00007f5c79d196d4 RCX: 000000000045c449
[ 113.502101][ T9856] RDX: 0000000000000018 RSI: 0000000020001380 RDI: 0000000000000003
[ 113.510184][ T9856] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 113.518144][ T9856] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 113.526117][ T9856] R13: 0000000000000c8a R14: 00000000004d7660 R15: 000000000076bfcc
[ 113.537621][ T9856] ==================================================================
[ 113.545700][ T9856] BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0x93/0x6a0
[ 113.554173][ T9856] Read of size 8 at addr ffff8880a11dd000 by task syz-executor.0/9856
[ 113.562415][ T9856]
[ 113.564744][ T9856] CPU: 1 PID: 9856 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0
[ 113.573310][ T9856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.583377][ T9856] Call Trace:
[ 113.586664][ T9856] dump_stack+0x197/0x210
[ 113.591009][ T9856] ? __mutex_unlock_slowpath+0x93/0x6a0
[ 113.596567][ T9856] print_address_description.constprop.0.cold+0xd4/0x30b
[ 113.603579][ T9856] ? __mutex_unlock_slowpath+0x93/0x6a0
[ 113.609108][ T9856] ? __mutex_unlock_slowpath+0x93/0x6a0
[ 113.614661][ T9856] __kasan_report.cold+0x1b/0x32
[ 113.619583][ T9856] ? __mutex_unlock_slowpath+0x93/0x6a0
[ 113.625113][ T9856] kasan_report+0x12/0x20
[ 113.629425][ T9856] check_memory_region+0x134/0x1a0
[ 113.634524][ T9856] __kasan_check_read+0x11/0x20
[ 113.639598][ T9856] __mutex_unlock_slowpath+0x93/0x6a0
[ 113.646356][ T9856] ? lock_downgrade+0x920/0x920
[ 113.651208][ T9856] ? wait_for_completion+0x440/0x440
[ 113.656520][ T9856] mutex_unlock+0xd/0x10
[ 113.660767][ T9856] ucma_destroy_id+0x24a/0x490
[ 113.665521][ T9856] ? ucma_close+0x310/0x310
[ 113.670025][ T9856] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 113.676272][ T9856] ? _copy_from_user+0x12c/0x1a0
[ 113.681476][ T9856] ucma_write+0x2d7/0x3c0
[ 113.685792][ T9856] ? ucma_close+0x310/0x310
[ 113.690292][ T9856] ? ucma_open+0x290/0x290
[ 113.694701][ T9856] ? apparmor_file_permission+0x27/0x30
[ 113.700232][ T9856] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.706471][ T9856] ? security_file_permission+0x8f/0x380
[ 113.712461][ T9856] __vfs_write+0x8a/0x110
[ 113.716783][ T9856] ? ucma_open+0x290/0x290
[ 113.721220][ T9856] vfs_write+0x268/0x5d0
[ 113.725559][ T9856] ksys_write+0x220/0x290
[ 113.729880][ T9856] ? __ia32_sys_read+0xb0/0xb0
[ 113.734639][ T9856] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 113.740167][ T9856] ? do_syscall_64+0x26/0x790
[ 113.744848][ T9856] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.750918][ T9856] ? do_syscall_64+0x26/0x790
[ 113.755608][ T9856] __x64_sys_write+0x73/0xb0
[ 113.760703][ T9856] do_syscall_64+0xfa/0x790
[ 113.765209][ T9856] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.771097][ T9856] RIP: 0033:0x45c449
[ 113.775005][ T9856] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 113.794859][ T9856] RSP: 002b:00007f5c79d18c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 113.803279][ T9856] RAX: ffffffffffffffda RBX: 00007f5c79d196d4 RCX: 000000000045c449
[ 113.811953][ T9856] RDX: 0000000000000018 RSI: 0000000020001380 RDI: 0000000000000003
[ 113.824950][ T9856] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 113.832924][ T9856] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 113.840886][ T9856] R13: 0000000000000c8a R14: 00000000004d7660 R15: 000000000076bfcc
[ 113.848857][ T9856]
[ 113.851173][ T9856] Allocated by task 9856:
[ 113.855514][ T9856] save_stack+0x23/0x90
[ 113.859692][ T9856] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 113.865305][ T9856] kasan_kmalloc+0x9/0x10
[ 113.869615][ T9856] kmem_cache_alloc_trace+0x158/0x790
[ 113.874968][ T9856] ucma_open+0x4f/0x290
[ 113.879105][ T9856] misc_open+0x395/0x4c0
[ 113.883329][ T9856] chrdev_open+0x245/0x6b0
[ 113.887734][ T9856] do_dentry_open+0x4e6/0x1380
[ 113.892605][ T9856] vfs_open+0xa0/0xd0
[ 113.896580][ T9856] path_openat+0x12ee/0x3490
[ 113.901164][ T9856] do_filp_open+0x192/0x260
[ 113.905663][ T9856] do_sys_openat2+0x5eb/0x7e0
[ 113.910348][ T9856] do_sys_open+0xf2/0x180
[ 113.914669][ T9856] __x64_sys_openat+0x9d/0x100
[ 113.919423][ T9856] do_syscall_64+0xfa/0x790
[ 113.923922][ T9856] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.929800][ T9856]
[ 113.932133][ T9856] Freed by task 9850:
[ 113.936119][ T9856] save_stack+0x23/0x90
[ 113.940270][ T9856] __kasan_slab_free+0x102/0x150
[ 113.945200][ T9856] kasan_slab_free+0xe/0x10
[ 113.949744][ T9856] kfree+0x10a/0x2c0
[ 113.953644][ T9856] ucma_close+0x275/0x310
[ 113.958207][ T9856] __fput+0x2ff/0x890
[ 113.962458][ T9856] ____fput+0x16/0x20
[ 113.966439][ T9856] task_work_run+0x145/0x1c0
[ 113.971031][ T9856] exit_to_usermode_loop+0x316/0x380
[ 113.976457][ T9856] do_syscall_64+0x676/0x790
[ 113.981044][ T9856] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.986910][ T9856]
[ 113.989220][ T9856] The buggy address belongs to the object at ffff8880a11dd000
[ 113.989220][ T9856] which belongs to the cache kmalloc-256 of size 256
[ 114.003265][ T9856] The buggy address is located 0 bytes inside of
[ 114.003265][ T9856] 256-byte region [ffff8880a11dd000, ffff8880a11dd100)
[ 114.018037][ T9856] The buggy address belongs to the page:
[ 114.023691][ T9856] page:ffffea0002847740 refcount:1 mapcount:0 mapping:ffff8880aa4008c0 index:0x0
[ 114.032784][ T9856] flags: 0xfffe0000000200(slab)
[ 114.037643][ T9856] raw: 00fffe0000000200 ffffea0002527cc8 ffffea000251dbc8 ffff8880aa4008c0
[ 114.046220][ T9856] raw: 0000000000000000 ffff8880a11dd000 0000000100000008 0000000000000000
[ 114.055920][ T9856] page dumped because: kasan: bad access detected
[ 114.062467][ T9856]
[ 114.064795][ T9856] Memory state around the buggy address:
[ 114.070846][ T9856] ffff8880a11dcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.078903][ T9856] ffff8880a11dcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.086965][ T9856] >ffff8880a11dd000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.095011][ T9856] ^
[ 114.099076][ T9856] ffff8880a11dd080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.108104][ T9856] ffff8880a11dd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.116586][ T9856] ==================================================================
[ 114.128319][ T9856] Kernel panic - not syncing: panic_on_warn set ...
[ 114.135018][ T9856] CPU: 0 PID: 9856 Comm: syz-executor.0 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 114.144974][ T9856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 114.155055][ T9856] Call Trace:
[ 114.158438][ T9856] dump_stack+0x197/0x210
[ 114.162878][ T9856] panic+0x2e3/0x75c
[ 114.166888][ T9856] ? add_taint.cold+0x16/0x16
[ 114.171555][ T9856] ? __mutex_unlock_slowpath+0x93/0x6a0
[ 114.177094][ T9856] ? preempt_schedule+0x4b/0x60
[ 114.183043][ T9856] ? ___preempt_schedule+0x16/0x18
[ 114.188173][ T9856] ? trace_hardirqs_on+0x5e/0x240
[ 114.193203][ T9856] ? __mutex_unlock_slowpath+0x93/0x6a0
[ 114.199276][ T9856] end_report+0x47/0x4f
[ 114.203422][ T9856] ? __mutex_unlock_slowpath+0x93/0x6a0
[ 114.209023][ T9856] __kasan_report.cold+0xe/0x32
[ 114.213879][ T9856] ? __mutex_unlock_slowpath+0x93/0x6a0
[ 114.220906][ T9856] kasan_report+0x12/0x20
[ 114.225236][ T9856] check_memory_region+0x134/0x1a0
[ 114.230351][ T9856] __kasan_check_read+0x11/0x20
[ 114.235205][ T9856] __mutex_unlock_slowpath+0x93/0x6a0
[ 114.240559][ T9856] ? lock_downgrade+0x920/0x920
[ 114.245424][ T9856] ? wait_for_completion+0x440/0x440
[ 114.250782][ T9856] mutex_unlock+0xd/0x10
[ 114.255007][ T9856] ucma_destroy_id+0x24a/0x490
[ 114.259804][ T9856] ? ucma_close+0x310/0x310
[ 114.264300][ T9856] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 114.271130][ T9856] ? _copy_from_user+0x12c/0x1a0
[ 114.276072][ T9856] ucma_write+0x2d7/0x3c0
[ 114.280482][ T9856] ? ucma_close+0x310/0x310
[ 114.284980][ T9856] ? ucma_open+0x290/0x290
[ 114.289391][ T9856] ? apparmor_file_permission+0x27/0x30
[ 114.295101][ T9856] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.301320][ T9856] ? security_file_permission+0x8f/0x380
[ 114.306931][ T9856] __vfs_write+0x8a/0x110
[ 114.311325][ T9856] ? ucma_open+0x290/0x290
[ 114.315735][ T9856] vfs_write+0x268/0x5d0
[ 114.319990][ T9856] ksys_write+0x220/0x290
[ 114.324323][ T9856] ? __ia32_sys_read+0xb0/0xb0
[ 114.329179][ T9856] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 114.334634][ T9856] ? do_syscall_64+0x26/0x790
[ 114.339306][ T9856] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 114.345366][ T9856] ? do_syscall_64+0x26/0x790
[ 114.350085][ T9856] __x64_sys_write+0x73/0xb0
[ 114.355846][ T9856] do_syscall_64+0xfa/0x790
[ 114.360426][ T9856] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 114.366305][ T9856] RIP: 0033:0x45c449
[ 114.370493][ T9856] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 114.390181][ T9856] RSP: 002b:00007f5c79d18c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 114.399461][ T9856] RAX: ffffffffffffffda RBX: 00007f5c79d196d4 RCX: 000000000045c449
[ 114.407410][ T9856] RDX: 0000000000000018 RSI: 0000000020001380 RDI: 0000000000000003
[ 114.415402][ T9856] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 114.423365][ T9856] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 114.431334][ T9856] R13: 0000000000000c8a R14: 00000000004d7660 R15: 000000000076bfcc
[ 114.441503][ T9856] Kernel Offset: disabled
[ 114.445827][ T9856] Rebooting in 86400 seconds..